If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register or Login
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Re: Check if DLL is managed or not

Actually, if you open a .NET Library / Application in a binary editor, you will see that the ASCI text "BSJB" is shortly followed by the version of the Framework that the DLL / EXE needs.

So, depending on the presence of this search attribute, you can not only identify whether the library / executible is a managed library, but also the version of the Framework it uses.

Note: This is actually a hack as there seems to be no API that will help you out with your requirement - but, it is reliable (so far) and you can enforce some strong checks that nobody fools your application (though, I doubt if anyone will want to do this).

Re: Check if DLL is managed or not

Originally Posted by kirants

True. But is it foolproof ?

Today it is - tomorrow, who knows - that is why I called it a hack.

On the otherhand - may be we can raise the same question on using a purely PE-based mechanism towards detecting .NET usage? It is theoretically possible for someone to get MSCOREE.DLL into his PE of a non-managed application...

So, may be if one wants to fool-proof his application for a reasonably competent fool, he is better off using both techniques i.e. first look the PE up, and then look the search patterns up?

Originally Posted by kirants

I mean, how did you arrive at the pattern ?

By analyzing the binary contents of many managed assemblies.

However, I must add that I analyzed the content of assemblies generated by Visual Studio only. It would be interesting to peek into a .NET assembly created by a competing compiler - though, I dare say that there aren't too many assemblies created by non-VS compilers out there.

Re: Check if DLL is managed or not

I think I found an important piece of information w.r.t PE and .NET executibles:

Originally Posted by Wiki

Microsoft's .NET Framework has extended the PE format with features which support the Common Language Runtime (an implementation of the .NET Virtual Machine). Among the additions are a CLR Header and CLR Data section. Upon loading a binary, the OS loader yields execution to the CLR via a reference in the PE/COFF IMPORT table. The CLR VM then loads CLR Header and Data sections.

Re: Check if DLL is managed or not

Just to let you all know: the code provided by kirants is great and faster when large assemblies are used. With my code, the whole assembly is searched until the pattern is found. This can take a long time when a large file is used which is no assembly (which means that the whole file must be read).